CVE List - 2021 / November
Showing 1301 - 1400 of 1508 CVEs for November 2021 (Page 14 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-24729 | 2021-11-23 | Logo Showcase with Slick Slider < 1.2.4 - Author+ Stored Cross Site Scripting |
| CVE-2021-24812 | 2021-11-23 | BetterLinks < 1.2.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24830 | 2021-11-23 | Advanced Access Manager < 6.8.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24873 | 2021-11-23 | Tutor LMS < 1.9.11 - Reflected Cross-Site Scripting |
| CVE-2021-24875 | 2021-11-23 | eCommerce Product Catalog for WordPress < 3.0.39 - Reflected Cross-Site Scripting |
| CVE-2021-24877 | 2021-11-23 | MainWP Child < 4.1.8 - Admin+ SQL Injection |
| CVE-2021-24882 | 2021-11-23 | Slideshow Gallery < 1.7.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24888 | 2021-11-23 | ImageBoss < 3.0.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24891 | 2021-11-23 | Elementor < 3.4.8 - DOM Cross-Site-Scripting |
| CVE-2021-24892 | 2021-11-23 | Advanced Forms < 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR |
| CVE-2021-24894 | 2021-11-23 | Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS |
| CVE-2021-31852 | 2021-11-23 | Cross-Site Scripting vulnerability in Policy Auditor |
| CVE-2021-31851 | 2021-11-23 | Cross-Site Scripting vulnerability in Policy Auditor |
| CVE-2021-25986 | 2021-11-23 | Django-wiki - Stored Cross-Site Scripting (XSS) in Notifications Section |
| CVE-2021-21561 | 2021-11-23 | Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the... |
| CVE-2021-36299 | 2021-11-23 | Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability... |
| CVE-2021-36300 | 2021-11-23 | iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability by sending a specially crafted malicious request to crash the... |
| CVE-2021-36301 | 2021-11-23 | Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability... |
| CVE-2021-36311 | 2021-11-23 | Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized... |
| CVE-2021-36312 | 2021-11-23 | Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability... |
| CVE-2021-36313 | 2021-11-23 | Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary... |
| CVE-2021-36314 | 2021-11-23 | Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary files... |
| CVE-2021-36332 | 2021-11-23 | Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary... |
| CVE-2021-36333 | 2021-11-23 | Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker, may potentially exploit this vulnerability, leading to an application crash. |
| CVE-2021-36334 | 2021-11-23 | Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on... |
| CVE-2021-36335 | 2021-11-23 | Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, leading to execution of arbitrary files... |
| CVE-2021-35033 | 2021-11-23 | A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device,... |
| CVE-2021-37997 | 2021-11-23 | Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a... |
| CVE-2021-37998 | 2021-11-23 | Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-37999 | 2021-11-23 | Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a... |
| CVE-2021-38000 | 2021-11-23 | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browse to a malicious URL via a crafted HTML... |
| CVE-2021-38001 | 2021-11-23 | Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-38002 | 2021-11-23 | Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |
| CVE-2021-38003 | 2021-11-23 | Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-38004 | 2021-11-23 | Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2021-42785 | 2021-11-23 | Buffer Overflow in tvnviewer.exe via Crafted Packet in TightVNC Viewer 2.8.59 |
| CVE-2021-42784 | 2021-11-23 | OS Command Injection in debug_fcgi in D-Link DWR-932C E1 Firmware 1.0.0.4 |
| CVE-2021-42783 | 2021-11-23 | Missing Authentication in debug_post_set.cgi in D-Link DWR-932C E1 Firmware 1.0.0.4 |
| CVE-2021-43777 | 2021-11-23 | Vulnerability in Redash OAuth2 flows due to misuse of state field (should be a nonce) |
| CVE-2021-41192 | 2021-11-23 | Insecure default configuration |
| CVE-2021-43780 | 2021-11-23 | Server-Side Request Forgery (SSRF) in Redash |
| CVE-2021-28704 | 2021-11-24 | PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started... |
| CVE-2021-28705 | 2021-11-24 | issues with partially successful P2M updates on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests... |
| CVE-2021-28706 | 2021-11-24 | guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory... |
| CVE-2021-28707 | 2021-11-24 | PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started... |
| CVE-2021-28708 | 2021-11-24 | PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started... |
| CVE-2021-28709 | 2021-11-24 | issues with partially successful P2M updates on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests... |
| CVE-2021-31822 | 2021-11-24 | When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the... |
| CVE-2021-42297 | 2021-11-24 | Windows 10 Update Assistant Elevation of Privilege Vulnerability |
| CVE-2021-42306 | 2021-11-24 | Azure Active Directory Information Disclosure Vulnerability |
| CVE-2021-42308 | 2021-11-24 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2021-43211 | 2021-11-24 | Windows 10 Update Assistant Elevation of Privilege Vulnerability |
| CVE-2021-43220 | 2021-11-24 | Microsoft Edge for iOS Spoofing Vulnerability |
| CVE-2021-43221 | 2021-11-24 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2021-20835 | 2021-11-24 | Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote attacker... |
| CVE-2021-20840 | 2021-11-24 | Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2021-20841 | 2021-11-24 | Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors. |
| CVE-2021-20842 | 2021-11-24 | Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web... |
| CVE-2021-20843 | 2021-11-24 | Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated... |
| CVE-2021-20844 | 2021-11-24 | Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38... |
| CVE-2021-20845 | 2021-11-24 | Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to v8.2 allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operation via a... |
| CVE-2021-20846 | 2021-11-24 | Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary... |
| CVE-2021-20848 | 2021-11-24 | Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 allows a remote attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2021-20850 | 2021-11-24 | PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary... |
| CVE-2021-32037 | 2021-11-24 | User may trigger invariant when allowed to send commands directly to shards |
| CVE-2021-40369 | 2021-11-24 | XSS vulnerability on Denounce plugin |
| CVE-2021-44140 | 2021-11-24 | Arbitrary file deletion on logout |
| CVE-2021-3552 | 2021-11-24 | Insufficient validation on regular expression in EPPUpdateService config file (VA-9825) |
| CVE-2021-3554 | 2021-11-24 | Improper Access Control vulnerability in the patchesUpdate API |
| CVE-2021-3553 | 2021-11-24 | Server-Side Request Forgery in EPPUpdateService remote config file (VA-9825) |
| CVE-2021-38873 | 2021-11-24 | IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force... |
| CVE-2021-43268 | 2021-11-24 | An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double... |
| CVE-2021-36917 | 2021-11-24 | WordPress Hide My WP premium plugin <= 6.2.3 - Unauthenticated Plugin Deactivation vulnerability |
| CVE-2021-36916 | 2021-11-24 | WordPress Hide My WP premium plugin <= 6.2.3 - Unauthenticated SQL injection (SQLi) vulnerability |
| CVE-2021-21980 | 2021-11-24 | The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain... |
| CVE-2021-22049 | 2021-11-24 | The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443... |
| CVE-2021-34423 | 2021-11-24 | Buffer overflow in Zoom client and other products |
| CVE-2021-34424 | 2021-11-24 | Process memory exposure in Zoom Client and other products |
| CVE-2021-22957 | 2021-11-24 | A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with... |
| CVE-2021-43778 | 2021-11-24 | Path traversal in GLPI barcode plugin |
| CVE-2021-41268 | 2021-11-24 | Cookie persistence in Symfony |
| CVE-2021-41267 | 2021-11-24 | Webcache Poisoning in Symfony |
| CVE-2021-41270 | 2021-11-24 | CSV Injection in Symfony |
| CVE-2021-44219 | 2021-11-24 | Gin-Vue-Admin before 2.4.6 mishandles a SQL database. |
| CVE-2021-44223 | 2021-11-25 | WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that... |
| CVE-2021-44225 | 2021-11-26 | In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some... |
| CVE-2021-38685 | 2021-11-26 | Command Injection Vulnerability in VioStor |
| CVE-2021-38686 | 2021-11-26 | Improper Authentication Vulnerability in VioStor |
| CVE-2021-25269 | 2021-11-26 | A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos... |
| CVE-2021-36807 | 2021-11-26 | An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. |
| CVE-2020-7881 | 2021-11-26 | AfreecaTV streamer service stack-based buffer overflow |
| CVE-2021-26611 | 2021-11-26 | HejHome IP Camera use of hard-coded credentials vulnerability |
| CVE-2021-26615 | 2021-11-26 | bandisoft ARK library integer overflow vulnerability |
| CVE-2021-36843 | 2021-11-26 | WordPress Floating Social Media Icon plugin <= 4.3.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-35533 | 2021-11-26 | Specially Crafted IEC 60870-5-104 Packet Vulnerability in RTU500 series |
| CVE-2021-40833 | 2021-11-26 | Denial-of-Service (DoS) Vulnerability |
| CVE-2021-36919 | 2021-11-26 | WordPress Awesome Support plugin <= 6.0.6 - Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2021-41243 | 2021-11-26 | OS Command Injection Vulnerability and Potential Zip Slip Vulnerability |
| CVE-2021-41279 | 2021-11-26 | Zip Slip Vulnerability in BaserCMS |
| CVE-2021-43776 | 2021-11-26 | XSS vulnerability in @backstage/plugin-auth-backend |